Gallery Security Vulnerabilities and Issues — Gallery CVE List

Lucene search

MenaltoGallery

5 matches found

CVE•added 2008/06/16 11:41 p.m.•51 views

CVE-2008-2722

Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.

7.5CVSS6.4AI score0.00361EPSS

CVE•added 2013/10/10 12:55 a.m.•42 views

CVE-2013-2240

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.

7.5CVSS6.5AI score0.01207EPSS

CVE•added 2013/10/10 12:55 a.m.•39 views

CVE-2013-2138

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.

7.5CVSS6.5AI score0.01207EPSS

CVE•added 2012/08/15 9:55 p.m.•35 views

CVE-2012-4343

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors.

7.5CVSS7.5AI score0.00334EPSS

CVE•added 2008/01/17 2:0 a.m.•33 views

CVE-2007-6689

Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.

7.5CVSS7.3AI score0.00732EPSS